II. CLAIMS 


1. (Original) Process for the automated creation of roles for a 
role-based access control system of an enterprise, whereas the 
system organizes and manages the access of users to sensitive 
information in an inter- and/or intranet, by means of at least 
one data base comprising at least the relevant, existing security 
data about users and their access to sensitive information, the 
data base being connected to a computer, the process comprises 
the following steps: 

a) loading the security data from the data base into the 
computer 

b) mining the loaded data to find similarities that will allow 
the creation of organizational roles and/or functional roles 
and 

c) creation of at least one role based on the outcome of step 
b. 


2. (Original) Process according to claim 1, whereas the 
computer is connected to the inter- and/or intranet and 
automatically assigns the created role(s) according to step c to 
the users in the inter- and/or intranet. 

3. (Original) Process according to claim 1, whereas the 
database is stored on a hard disk. 


4. (Original) Process according to claim 1, whereas the 
database is stored on the RAM of a computer. 

5. (Original) Process according to claim 1, whereas the mining 
of the loaded security data comprises clustering the loaded data 
to find suitable semantics for role description and/or statistics 
for values of all role attributes. 

6. (Original) Process according to claim 1, whereas the mining 
of the loaded security data comprises association methods to find 
similarities in the loaded security data and preferably group as 
much as possible of the security data into as little as possible 
roles. 

7. (Original) Process according to claim 1, whereas the 
resulting roles are automatically checked and approved by the 
computer before they are assigned to the users. 

8. (Original) Process according to claim 1, whereas the 
relevant data is at least access control data, organizational 
data and/or functional data of the enterprise. 

9. (Original) Process according to claim 1, that in a first 
step the data is explored by the computer. 

10. (Original) Process according to claim 1, whereas the created 
roles are automatically stored in the data base. 
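
Added example, not part of the claims and not the applicant's implementation: one simple way steps a) to c) of claim 1 and the grouping goal of claim 6 could look in code. It uses a greedy cover over existing user-to-permission grants. The user names, permission names and function names are constructed for illustration, and a mined role is only ever assigned to users who already hold every permission in it, so role creation cannot widen anyone's access.

```python
from itertools import combinations

# Constructed sample data standing in for step a): user -> permissions held today.
ACCESS = {
    "alice": {"crm.read", "crm.write", "mail"},
    "bob":   {"crm.read", "crm.write", "mail"},
    "carol": {"ledger.read", "ledger.post", "mail"},
    "dave":  {"ledger.read", "ledger.post", "mail"},
    "erin":  {"mail"},
}

def candidate_roles(access):
    """Step b): distinct permission sets plus their pairwise intersections."""
    sets = {frozenset(p) for p in access.values() if p}
    cands = set(sets)
    for a, b in combinations(sets, 2):
        if a & b:
            cands.add(a & b)
    return cands

def mine_roles(access):
    """Step c): greedily pick the role that explains the most uncovered grants."""
    uncovered = {(u, p) for u, perms in access.items() for p in perms}
    cands = candidate_roles(access)
    roles, assignment = [], {u: [] for u in access}
    while uncovered:
        def gain(role):
            # Count only grants of users who already hold the whole role.
            return sum(1 for u, perms in access.items() if role <= perms
                       for p in role if (u, p) in uncovered)
        best = max(cands, key=lambda r: (gain(r), sorted(r)))
        roles.append(best)
        for u, perms in access.items():
            if best <= perms and any((u, p) in uncovered for p in best):
                assignment[u].append(len(roles) - 1)
                uncovered -= {(u, p) for p in best}
    return roles, assignment

def effective(roles, assignment, user):
    """Permissions a user receives through the roles assigned to them."""
    return {p for i in assignment[user] for p in roles[i]}

if __name__ == "__main__":
    roles, assignment = mine_roles(ACCESS)
    for i, role in enumerate(roles):
        members = sorted(u for u, idx in assignment.items() if i in idx)
        print(f"role{i}: {sorted(role)} -> {members}")
```

Comparing effective() against the original grants for every user is the kind of automatic check claim 7 refers to: any difference means a role would add or drop access.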